Skip to content

Commit

Permalink
test: Migrate CI to GtiHub [SDK-4450] (#1437)
Browse files Browse the repository at this point in the history
  • Loading branch information
adamjmcgrath authored Oct 13, 2023
2 parents 73520f8 + c6839a6 commit 37e334b
Show file tree
Hide file tree
Showing 11 changed files with 439 additions and 66 deletions.
55 changes: 0 additions & 55 deletions .circleci/config.yml

This file was deleted.

30 changes: 30 additions & 0 deletions .github/actions/build/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
name: Build package
description: Build the SDK package

inputs:
node:
description: The Node version to use
required: false
default: 18

runs:
using: composite

steps:
- uses: actions/setup-node@v3
with:
node-version: ${{ inputs.node }}
cache: npm

- shell: bash
run: npm ci
env:
NODE_ENV: development

- shell: bash
run: npm run install:example
env:
NODE_ENV: development

- shell: bash
run: npm run build
25 changes: 25 additions & 0 deletions .github/actions/prepare/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Prepare test
description: Prepare an SDK test

inputs:
node:
description: The Node version to use
required: false
default: 18
cache:
description: The cache key identifier to use
required: true

runs:
using: composite

steps:
- uses: actions/setup-node@v3
with:
node-version: ${{ inputs.node }}
cache: npm

- uses: actions/cache/restore@v3
with:
path: .
key: ${{ inputs.cache }}
9 changes: 7 additions & 2 deletions .github/dependabot.yml
Original file line number Diff line number Diff line change
@@ -1,9 +1,14 @@
version: 2
updates:
- package-ecosystem: "npm"
directory: "/"
- package-ecosystem: "npm"
directory: "/"
schedule:
interval: "daily"
ignore:
- dependency-name: "*"
update-types: ["version-update:semver-major"]

- package-ecosystem: 'github-actions'
directory: '/'
schedule:
interval: 'daily'
57 changes: 57 additions & 0 deletions .github/workflows/browserstack.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
name: Browserstack

on:
merge_group:
workflow_dispatch:
pull_request:
types:
- opened
- synchronize
push:
branches:
- main

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

env:
NODE_VERSION: 18
CACHE_KEY: '${{ github.event.pull_request.head.sha || github.ref }}-${{ github.run_id }}-${{ github.run_attempt }}'

jobs:
authorize:
name: Authorize
environment: ${{ github.actor != 'dependabot[bot]' && github.event_name == 'pull_request_target' && github.event.pull_request.head.repo.full_name != github.repository && 'external' || 'internal' }}
runs-on: ubuntu-latest
steps:
- run: true

browserstack:
needs: authorize # Require approval before running on forked pull requests

name: Run Tests
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha || github.ref }}

- uses: ./.github/actions/build
with:
node: ${{ env.NODE_VERSION }}

- shell: bash
run: npm i --prefix=example-app --no-package-lock
env:
NODE_ENV: development

- shell: bash
run: npx start-server-and-test "start:example-local" http://localhost:3000 "browserstack-cypress run --build-name ${{ github.event.pull_request.head.sha || github.ref }} --no-wrap"
env:
BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
53 changes: 53 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
name: CodeQL

on:
merge_group:
pull_request:
types:
- opened
- synchronize
push:
branches:
- main
schedule:
- cron: '37 10 * * 2'

permissions:
actions: read
contents: read
security-events: write

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}

jobs:
analyze:
name: Check for Vulnerabilities
runs-on: ubuntu-latest

strategy:
fail-fast: false
matrix:
language: [javascript]

steps:
- if: github.actor == 'dependabot[bot]' || github.event_name == 'merge_group'
run: exit 0 # Skip unnecessary test runs for dependabot and merge queues. Artifically flag as successful, as this is a required check for branch protection.

- name: Checkout
uses: actions/checkout@v4

- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
queries: +security-and-quality

- name: Autobuild
uses: github/codeql-action/autobuild@v2

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: '/language:${{ matrix.language }}'
110 changes: 110 additions & 0 deletions .github/workflows/publish.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
name: Publish Release

on:
workflow_dispatch:
inputs:
branch:
description: The branch to release from
required: true
default: main
version:
description: The version being published. This should be a valid semver version, such as `1.0.0`.
required: true
default: ''
type: string
dry-run:
type: boolean
description: Perform a publishing dry run. This will not publish the release, but will validate the release and log the commands that would be run.
default: false

permissions:
contents: read
id-token: write # For publishing to NPM with provenance. Allows developers to run `npm audit signatures` and verify release signature of SDK. @see https://github.blog/2023-04-19-introducing-npm-package-provenance/
packages: write # For cross-publishing to GitHub Packages registry.

env:
NODE_VERSION: 18
NODE_ENV: development

jobs:
configure:
name: Validate input parameters
runs-on: ubuntu-latest

outputs:
vtag: ${{ steps.vtag.outputs.vtag }} # The fully constructed release tag to use for publishing
dry-run: ${{ steps.dry-run.outputs.dry-run }} # The dry-run flag to use for publishing, if applicable

steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.inputs.branch }}

# Configure for dry-run, if applicable. @see https://docs.npmjs.com/cli/v9/commands/npm-publish#dry-run
- id: dry-run
if: ${{ github.event.inputs.dry-run == 'true' }}
name: Configure for `--dry-run`
run: |
echo "dry-run=--dry-run" >> $GITHUB_ENV
echo "dry-run=--dry-run" >> $GITHUB_OUTPUT
# Build the tag string from package.json version and release suffix. Produces something like `1.0.0-beta.1` for a beta, or `1.0.0` for a stable release.
- name: Build tag
id: vtag
run: |
PACKAGE_VERSION="${{ github.event.inputs.version }}"
echo "vtag=${PACKAGE_VERSION}" >> $GITHUB_ENV
echo "vtag=${PACKAGE_VERSION}" >> $GITHUB_OUTPUT
# Ensure tag does not already exist.
- name: Validate version
uses: actions/github-script@v6
env:
vtag: ${{ env.vtag }}
with:
script: |
const releaseMeta = github.rest.repos.listReleases.endpoint.merge({
owner: context.repo.owner,
repo: context.repo.repo,
});
const releases = await github.paginate(releaseMeta);
for (const release of releases) {
if (release.name === process.env.vtag) {
throw new Error(`${process.env.vtag} already exists`);
}
}
console.log(`${process.env.vtag} does not exist. Proceeding with release.`)
publish-npm:
needs: configure

name: Publish to NPM
runs-on: ubuntu-latest
environment: 'release'

steps:
- name: Checkout code
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{ github.event.inputs.branch }}

- name: Setup Node
uses: actions/setup-node@v3
with:
node-version: ${{ env.NODE_VERSION }}
cache: npm
registry-url: 'https://registry.npmjs.org'

- name: Install dependencies
run: npm ci

- name: Publish release to NPM
run: npm publish --provenance --tag ${{ needs.configure.outputs.vtag }} ${{ needs.configure.outputs.dry-run }}
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
Loading

0 comments on commit 37e334b

Please sign in to comment.